This project has retired. For details please refer to its Attic page.
ArchivaLockedAdminEnvironmentCheck xref
View Javadoc
1   package org.apache.archiva.web.security;
2   /*
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   * http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   */
20  
21  import org.apache.archiva.admin.model.RepositoryAdminException;
22  import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
23  import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
24  import org.apache.archiva.redback.rbac.RBACManager;
25  import org.apache.archiva.redback.rbac.RbacManagerException;
26  import org.apache.archiva.redback.rbac.UserAssignment;
27  import org.apache.archiva.redback.system.check.EnvironmentCheck;
28  import org.apache.archiva.redback.users.User;
29  import org.apache.archiva.redback.users.UserManager;
30  import org.apache.archiva.redback.users.UserManagerException;
31  import org.apache.archiva.redback.users.UserNotFoundException;
32  import org.apache.commons.lang3.StringUtils;
33  import org.slf4j.Logger;
34  import org.slf4j.LoggerFactory;
35  import org.springframework.context.ApplicationContext;
36  import org.springframework.stereotype.Service;
37  
38  import javax.annotation.PostConstruct;
39  import javax.inject.Inject;
40  import javax.inject.Named;
41  import java.util.ArrayList;
42  import java.util.List;
43  
44  /**
45   * @author Olivier Lamy
46   */
47  @Service( "environmentCheck#archiva-locked-admin-check" )
48  public class ArchivaLockedAdminEnvironmentCheck
49      implements EnvironmentCheck
50  {
51  
52      protected Logger log = LoggerFactory.getLogger( getClass() );
53  
54  
55      @Inject
56      @Named( value = "rbacManager#cached" )
57      private RBACManager rbacManager;
58  
59      /**
60       * boolean detailing if this environment check has been executed
61       */
62      private boolean checked = false;
63  
64      @Inject
65      private ApplicationContext applicationContext;
66  
67      @Inject
68      private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
69  
70      private List<UserManager> userManagers;
71  
72      @PostConstruct
73      protected void initialize()
74          throws RepositoryAdminException
75      {
76          List<String> userManagerImpls =
77              redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();
78  
79          List<String> updated = new ArrayList<>(  );
80          userManagers = new ArrayList<>( userManagerImpls.size() );
81  
82          for ( String beanId : userManagerImpls )
83          {
84              // for migration purpose to help users
85              if ( StringUtils.equalsIgnoreCase( beanId, "jdo" ))
86              {
87                  log.info( "jdo is not anymore supported we auto update to jpa" );
88                  beanId = "jpa";
89              }
90              updated.add( beanId );
91              userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
92          }
93          redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().setUserManagerImpls( updated );
94      }
95  
96      /**
97       * This environment check will unlock system administrator accounts that are locked on the restart of the
98       * application when the environment checks are processed.
99       *
100      * @param violations
101      */
102     @Override
103     public void validateEnvironment( List<String> violations )
104     {
105         if ( !checked )
106         {
107 
108             for ( UserManager userManager : userManagers )
109             {
110                 if ( userManager.isReadOnly() )
111                 {
112                     continue;
113                 }
114                 List<String> roles = new ArrayList<>();
115                 roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );
116 
117                 List<? extends UserAssignment> systemAdminstrators;
118                 try
119                 {
120                     systemAdminstrators = rbacManager.getUserAssignmentsForRoles( roles );
121 
122                     for ( UserAssignment userAssignment : systemAdminstrators )
123                     {
124                         try
125                         {
126                             User admin = userManager.findUser( userAssignment.getPrincipal() );
127 
128                             if ( admin.isLocked() )
129                             {
130                                 log.info( "Unlocking system administrator: {}", admin.getUsername() );
131                                 admin.setLocked( false );
132                                 userManager.updateUser( admin );
133                             }
134                         }
135                         catch ( UserNotFoundException ne )
136                         {
137                             log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
138                         }
139                         catch ( UserManagerException e )
140                         {
141                             log.warn( "fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(),
142                                       e.getMessage() );
143                         }
144                     }
145                 }
146                 catch ( RbacManagerException e )
147                 {
148                     log.warn( "Exception when checking for locked admin user: {}", e.getMessage(), e );
149                 }
150 
151                 checked = true;
152             }
153 
154         }
155 
156     }
157 }